summaryrefslogtreecommitdiff
path: root/app/controllers/users_controller.rb
diff options
context:
space:
mode:
authorNavaL <ayoyo@thoughtworks.com>2016-07-14 15:44:07 +0200
committerNavaL <ayoyo@thoughtworks.com>2016-07-14 15:44:07 +0200
commite3c2cb91dfef5c39c608b967e702e9de977d1bd2 (patch)
tree154dc28dd986bd6e0a48e933c5da46994ffaa0cb /app/controllers/users_controller.rb
parente2f19bcfb6dbce77746c2d61715340525b29a592 (diff)
parentf09e6ec1337962ab279f021a6a6d0ff30479ebe0 (diff)
Merge branch 'develop' of https://github.com/leapcode/leap_web into feature/expose_admin_in_api
Diffstat (limited to 'app/controllers/users_controller.rb')
-rw-r--r--app/controllers/users_controller.rb28
1 files changed, 7 insertions, 21 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1404b0e..4d198b9 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -5,11 +5,9 @@
class UsersController < ApplicationController
include ControllerExtension::FetchUser
- before_filter :require_login, :except => [:new]
- before_filter :redirect_if_logged_in, :only => [:new]
+ before_filter :require_login
before_filter :require_admin, :only => [:index, :deactivate, :enable]
- before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable]
- before_filter :require_registration_allowed, only: :new
+ before_filter :fetch_user, :only => [:show, :edit, :destroy, :deactivate, :enable]
respond_to :html
@@ -27,25 +25,12 @@ class UsersController < ApplicationController
@users = @users.limit(100)
end
- def new
- @user = User.new
- end
-
def show
end
def edit
end
- ## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder:
- def update
- @user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level])
- if @user.valid?
- flash[:notice] = I18n.t(:changes_saved)
- end
- respond_with @user, :location => edit_user_path(@user)
- end
-
def deactivate
@user.account.disable
flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username)
@@ -73,10 +58,11 @@ class UsersController < ApplicationController
protected
- def require_registration_allowed
- unless APP_CONFIG[:allow_registration]
- redirect_to home_path
+ def user_params
+ if admin?
+ params.require(:user).permit(:effective_service_level)
+ else
+ params.require(:user).permit(:password, :password_confirmation)
end
end
-
end